1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
//! Secret value types.
//!
//! These are thin newtypes around [`secrecy::SecretBox`] tuned to the two
//! shapes we actually store: UTF-8 string values (`SecretString`) and fixed
//! byte buffers (`SecretBytes<N>`). Both wipe their contents on drop and
//! redact in `Debug` output.
use SecretBox;
/// A heap-allocated UTF-8 secret string.
///
/// This is the type alias defined by [`secrecy`]; we re-export it under
/// [`crate::crypto::SecretString`] for ergonomics.
///
/// # Examples
/// ```
/// use evault_core::crypto::{ExposeSecret, SecretString};
///
/// let s = SecretString::from(String::from("hunter2"));
/// // `Debug` is redacted:
/// assert!(!format!("{s:?}").contains("hunter2"));
/// // Explicit access via `ExposeSecret`:
/// assert_eq!(s.expose_secret(), "hunter2");
/// ```
pub type SecretString = SecretString;
/// A fixed-size byte buffer that wipes on drop.
///
/// Used for master keys and other binary secrets. The const parameter `N`
/// fixes the size so that callers do not have to validate it at runtime.
///
/// # Examples
/// ```
/// use evault_core::crypto::{ExposeSecret, SecretBytes};
///
/// let buf: SecretBytes<32> = secrecy::SecretBox::new(Box::new([0xAB_u8; 32]));
/// assert_eq!(buf.expose_secret()[0], 0xAB);
/// ```
pub type SecretBytes<const N: usize> = ;